Microsoft.AspNetCore.Authentication.OpenIdConnect needs updating

[howcheng]

Microsoft.AspNetCore.Authentication.OpenIdConnect should be updated to a non-deprecated version. The version that's referenced here includes System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.JsonWebTokens 5.5.0, both of which are marked as vulnerable as per GHSA-59j7-ghrg-fj52.

[amanda-tarafa]

There are no not-deprecated versions of Microsoft.AspNetCore.Authentication.OpenIdConnect that are compatible with netcoreapp3.0, which is the target .NET version of Google.Apis.Auth.AspNetCore3, so for upgrading the dependency version we also need to upgrate the targets. Dropping netcoreapp3.0 shouldn't be a problem in itself because it has been out of support since 2020. netcoreapp3.1 has also been out of support since 2022, so we'd neet to make a decision on what to target. We'll look at this in January. For now, and because this is really about upgrading .NET targets, I'll mark this as a feature request.

[PaulusParssinen]

Happy to hear that there's finally consideration towards dropping targets that have been EOL for long long time.